After a lot of discussion and debate, the UID project is now moving forward. In mid- December, the Unique Identification Authority of India (UIDAI) invited proposals from IT consulting companies for providing consultancy services to UIDAI for setting up of a Central ID Data Repository (CIDR) and selection of managed service provider (MSP). The move is aimed at appointing a consultant for designing a programme management strategy and implementing the roadmap for the UID project.
The UIDAI would begin issuing unique ID numbers by February 2011, and intends to issue IDs to 600 million citizens in four years. India will be the first country to implement a biometric-based unique ID system for its residents on such a large scale. The project estimated to cost around Rs 30,000 crore will eventually cover the entire population of the country. The unique 16-digit number can be accessed and verified online from anywhere in the country.
"All the enrolling agencies will probably have to make the UID number a primary field of their databases. This will enable them to leverage the power of this number to improve their systems and processes"
The timing of this initiative coincides with the increased focus of the government on social inclusion and development through massive investments in social sector programmes, and upgrading public services delivery through e-governance programmes. As Chairman Nandan Nilekani has reiterated "I think it (UID) is a very powerful and inclusive idea. It will help the poor have better access to public services and will be a great enabler for their financial inclusion. The flagship welfare schemes of the government can be made more efficient," he said, adding that it will help strengthen national security, reducing fraud and increasing tax collection.
How do you see the universal identification (UID) programme aiding development goals of the government, especially given the identification process and the Reserve Bank of India’s Know Your Customer (KYC) norms?
This is exactly the place where UID comes in: once a bank or any other institution is enrolling a person into the UID system, it is going to verify whether he is the person who he claims to be or not. The data standards and verification norms which the Authority is prescribing for its Know Your Resident (KYR) process are, to the extent possible, being aligned with the KYC requirements of no-frills accounts. Once that happens, then opening a no-frills account will not require any additional authentication; the basic authentication done by UIDAI should be sufficient.
How do you see UID aiding the financial inclusion initiatives?
UIDAI provides two assurances. The first is that we will have a unique identification for everybody and there will be no duplicates or fake IDs, which means if somebody has got an ID, he or she has to be living at the point of time of collecting the details. So, uniqueness and existence are two basic things which we will ensure. The other thing which we will ensure, and this is a crucial to promoting financial inclusion, is the online, cost-effective real-time authentication of the identity of the person making any transaction.
Who all are the UIDs being given to?
Every resident of this country: adults, children, everybody.
This is an enormous exercise that can help banks and financial institutions know who meets the KYC norms and who does not, which in effect means that such institutions will no longer need to follow the KYC norms?
Yes. In fact, what we are saying is that the bankers themselves can be the enrolling registrars for providing the UIDs. We are not saying that the banking institutions will not need to follow the KYC Norms. What we are saying is that they can re-use the information collected by other registrars like NREGS and, if required, supplement it with any other information which they might need for their own purposes.
Wouldn’t this require a standardisation of KYC norms across agencies, across registrars?
All agencies who are going to work as our registrars have to follow a standard KYR process for enrolling into UID System. In order to develop these standards UIDAI has set up two committees. One is a nine-member Biometric Standards Committee headed by National Informatics Centre Chairman B K Gairola. This committee is going to decide as to what kind of biometrics to capture - face, all finger prints, two/four finger prints, iris etc.
The other committee is a 16-member Demographic Data Standards and Verification Procedure Committee, with former Central Vigilance Commissioner N Vittal as its Chairman. Demographic data standards will cover information like a person's name, his father/mother/guardian name, address, date of birth, etc. It is the task of the Vittal Committee to identify the fields of data and verification methods to ensure the veracity of such demographic data. Vittal Committee has already submitted the report and all the recommendations of the Committee have been accepted by the UIDAI. The report is available on our web-site : www.uidai.gov.in The other Committee is also expected to submit its report soon.
Such uniformity in collection of demographic data and biometric will ensure that the data of a person enrolled by NREGS can be reliably used by a Grameen Bank. Therefore, this will actually eliminate the problem of re-verification of the same details about the same individual again and again by each agency.
Are we looking at one large data repository of all residents?
Yes. There will be one common repository with the UID called the Central ID Repository (CIDR). UIDAI will not issue any card to the residents. However, we shall send a letter to the residents giving their UID number and they can keep that letter as a kind of card (there will be a perforated part which can be torn out - similar to what they give in US for the Social Security Number (SSN)
Thus far we have had complete consensus from all. There is no agency in the system that has not agreed to cooperate or help us in this endeavour. There is an all-round support for the project.
Don't you think that integrating data collected by different enrolling agencies using different systems will need to be assimilated using a common standard? How will the UID be embedded into various applications?
As I explained just now, every agency working as our Registrar is going to use the same method of data collection and verification for UID purposes. They can, in addition, collect data which these agencies may require for their purposes. However, there will be complete standardisation of the processes for UID enrolment purposes and this will ensure that irrespective of which route the data came from, it has gone through the same processes and therefore has the same reliability.
For leveraging the power of the UID number, various agencies will have to embed the UID number into their databases. This will enable cross linkages across systems and processes. This is of a tremendous advantage because various databases will then be able to talk to each other; today, their systems have no cross linkages and they are unable to figure out how many times a person figures in their database? So, this will have a cleansing effect on all existing databases. The result is that enrolling agencies will be able to clean their databases and further streamline operations.
But will this not involve a major change in the mindsets?
Yes, you are right. We will have to provide some hand-holding to all enrolling agencies to ensure standardisation and also help them in becoming UID-ready. They will need to change their systems to leverage the power of UIDs. So, some standardisation is a basic pre-requisite of the task on hand and it cannot be avoided.
Will there be a standardisation of the identity proof that is going to be issued by different registrars and will this be some kind of a smart card?
We are not issuing any direction to our registrars with regard to cards. The registrars are free to give anything they want to their clients/customers. Our business is quite simple. Once we have collected the basic demographic and biometric details for which there will be a standard process, we will be able to provide Unique IDS. Further we will be putting in place a simple and cost-effective authentication process for verifying such identities. That itself will be a great game changer. The registrars can give a smart card or whatever they like to their clients, but it should have the UID number. We are basically performing two simple functions: giving UIDs and authenticating these IDs as and when required.
Biometric Standards will be driven by the ultimate objective of de-duplication and the obligation of delivering on the promise of uniqueness. Our standards will be open and interoperable. We are clear that we should not be tied to any particular technology.
What are the checks being put in to ensure that the UID number of person is not in use after he/she ceases to exist?
If there is a good birth and death registration system in the country, then it will enable us to put a flag on that particular UID number. Otherwise, we really have no way to figure out if a person with a given identity exists or not. And, this is where biometrics comes in. One can only use a UID number provided one has the necessary biometric identification to prove his identity. So, while a person may continue to exist in the database even after his death, he cannot make use of facilities like claiming pensions and other services, unless he/she is able to prove his/her identity. So, this whole process of dead or non-existent people drawing pensions and even salaries gets eliminated and you also get an assurance that facilities are being used by the real persons and not by the fake or dead.
Is the government looking at prospects of specific technologies and standards that will be used?
Yes, certainly. We are looking at the question of standards. These will be driven by the ultimate objective of de-duplication and the obligation of delivering on the promise of uniqueness. And here our standards will be as open and based on international standards (ISO, etc). In our operations, we are clear that we should not be tied to a particular technology.
What are the challenges you see ahead?
Actually, there are a whole lot of challenges. To name just a few: One is the technological challenge itself, because nowhere in the world does a database for 1.2 billion people exists. The largest biometric database currently is in the US, which covers only about 110 million people. The UID project is 10 times that size. So, de-duplication in such a large database is a big challenge. Two, I think making systems UID compliant is another big challenge. Logistics is certainly going to be another. India is a very diverse country and you have past, present and future co-existing at the same time. Then, reaching out to the people who are unreached so far is another big challenge. There may be some resistance from the people who are going to be affected. They will try to find shortcomings with the system, trying to create examples that the system is not going to work.
Is there any role of PRIs in this?
Yes, the verification is at the local level. Ultimately, a villager knows his fellow villagers, even a government employee will not know each person in the village. Therefore, we will have to depend heavily on the PRIs to verify the people, probably help us in enrolments also.
The big debate sometime back was does UID mean you are a citizen of India?
The mandate of the UIDAI is to provide UID numbers to all the residents of the country.
Given the enormity of the task, what kind of organizational structure has been envisaged?
We have clarity on this issue. Structure-wise, we are dividing the country into eight regions. While the initial idea was that we should have a UID commissioner in each state, we do not think this is required in the initial stages. For example, Pondicherry is a very small UT and Uttar Pradesh a very big state, so we should not really go state by state. We are planning to have a regional office that will cater to a population of about 150-170 million. Then, there will be one central office in Delhi and the technology centre in Bangalore.
Has a dialogue been initiated at the state level?
Our Chairman, Nandan Nilekani, has visited 12 states so far. This apart, the UIDAI has held consultations with all the regulators, state and central departments. We have met, for example, the TRAI, the RBI, the PFRDA, IRDA, telecom department, health, education and the rural development department. We have also met all the statutory authorities, like the CIC, CVC and Election Commission.
Is getting a consensus proving to be a challenge?
I think thus far we have had full support from all and there is no agency in the system that has not agreed to cooperate or help us in this endeavour. There is absolutely no resistance. Everybody is quite excited about the project. Personally, I look at it as a project that has the potential to transform governance in this country.